package org.commandmosaic.security.authorizer.factory;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.collect.ImmutableSet;
import com.google.common.util.concurrent.UncheckedExecutionException;
import java.lang.annotation.Annotation;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.stream.Stream;
import org.commandmosaic.api.Command;
import org.commandmosaic.api.CommandContext;
import org.commandmosaic.api.executor.ParameterSource;
import org.commandmosaic.security.AccessDeniedException;
import org.commandmosaic.security.annotation.Access;
import org.commandmosaic.security.authorizer.Authorizer;
import org.commandmosaic.security.core.Identity;

/* loaded from: input_file:org/commandmosaic/security/authorizer/factory/DefaultAuthorizerFactory.class */
public class DefaultAuthorizerFactory extends AuthorizerFactory {
    private final LoadingCache<ImmutableSet<String>, Authorizer> authorizerCache = CacheBuilder.newBuilder().softValues().build(new CacheLoader<ImmutableSet<String>, Authorizer>() { // from class: org.commandmosaic.security.authorizer.factory.DefaultAuthorizerFactory.1
        public Authorizer load(ImmutableSet<String> immutableSet) {
            return new RequiresAnyOfTheAuthoritiesAuthorizer(immutableSet);
        }
    });

    /* loaded from: input_file:org/commandmosaic/security/authorizer/factory/DefaultAuthorizerFactory$PublicAccessAuthorizer.class */
    private static class PublicAccessAuthorizer implements Authorizer {
        private static final PublicAccessAuthorizer INSTANCE = new PublicAccessAuthorizer();

        private PublicAccessAuthorizer() {
        }

        @Override // org.commandmosaic.security.authorizer.Authorizer
        public boolean isAuthenticationRequired() {
            return false;
        }

        @Override // org.commandmosaic.security.authorizer.Authorizer
        public void checkAuthorization(Class<? extends Command<?>> cls, Identity identity, ParameterSource parameterSource, CommandContext commandContext) {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/commandmosaic/security/authorizer/factory/DefaultAuthorizerFactory$RequiresAnyOfTheAuthoritiesAuthorizer.class */
    public static class RequiresAnyOfTheAuthoritiesAuthorizer implements Authorizer {
        private final ImmutableSet<String> requiredAuthorities;

        private RequiresAnyOfTheAuthoritiesAuthorizer(ImmutableSet<String> immutableSet) {
            Objects.requireNonNull(immutableSet, "argument requiredAuthorities cannot be null");
            this.requiredAuthorities = immutableSet;
        }

        @Override // org.commandmosaic.security.authorizer.Authorizer
        public boolean isAuthenticationRequired() {
            return true;
        }

        @Override // org.commandmosaic.security.authorizer.Authorizer
        public void checkAuthorization(Class<? extends Command<?>> cls, Identity identity, ParameterSource parameterSource, CommandContext commandContext) {
            if (identity == null) {
                throw new AccessDeniedException("Authentication is required to access: " + cls.getName());
            }
            Set<String> authorities = identity.getAuthorities();
            if (authorities != null) {
                Stream<String> stream = authorities.stream();
                ImmutableSet<String> immutableSet = this.requiredAuthorities;
                immutableSet.getClass();
                if (!stream.noneMatch((v1) -> {
                    return r1.contains(v1);
                })) {
                    return;
                }
            }
            throw new AccessDeniedException("Access Denied: " + cls.getName());
        }

        public String toString() {
            return "RequiresAnyOfTheAuthoritiesAuthorizer{requiredAuthorities=" + this.requiredAuthorities + '}';
        }
    }

    /* loaded from: input_file:org/commandmosaic/security/authorizer/factory/DefaultAuthorizerFactory$RequiresAuthenticationAuthorizer.class */
    private static class RequiresAuthenticationAuthorizer implements Authorizer {
        private static final RequiresAuthenticationAuthorizer INSTANCE = new RequiresAuthenticationAuthorizer();

        private RequiresAuthenticationAuthorizer() {
        }

        @Override // org.commandmosaic.security.authorizer.Authorizer
        public boolean isAuthenticationRequired() {
            return true;
        }

        @Override // org.commandmosaic.security.authorizer.Authorizer
        public void checkAuthorization(Class<? extends Command<?>> cls, Identity identity, ParameterSource parameterSource, CommandContext commandContext) {
            if (identity == null) {
                throw new AccessDeniedException("Authentication is required to access: " + cls.getName());
            }
        }
    }

    @Override // org.commandmosaic.security.authorizer.factory.AuthorizerFactory
    public Authorizer getAuthorizer(Class<? extends Command<?>> cls) {
        Authorizer requiresAnyOfTheAuthoritiesAuthorizer;
        Access.IsPublic isPublic = (Access.IsPublic) getAnnotationFromClassHierarchy(cls, Access.IsPublic.class);
        Access.RequiresAuthentication requiresAuthentication = (Access.RequiresAuthentication) getAnnotationFromClassHierarchy(cls, Access.RequiresAuthentication.class);
        Access.RequiresAuthority requiresAuthority = (Access.RequiresAuthority) getAnnotationFromClassHierarchy(cls, Access.RequiresAuthority.class);
        Access.RequiresAnyOfTheAuthorities requiresAnyOfTheAuthorities = (Access.RequiresAnyOfTheAuthorities) getAnnotationFromClassHierarchy(cls, Access.RequiresAnyOfTheAuthorities.class);
        checkAnnotations(cls, isPublic, requiresAuthentication, requiresAuthority, requiresAnyOfTheAuthorities);
        if (isPublic != null) {
            requiresAnyOfTheAuthoritiesAuthorizer = PublicAccessAuthorizer.INSTANCE;
        } else if (requiresAuthentication != null) {
            requiresAnyOfTheAuthoritiesAuthorizer = RequiresAuthenticationAuthorizer.INSTANCE;
        } else if (requiresAuthority != null) {
            requiresAnyOfTheAuthoritiesAuthorizer = getRequiresAnyOfTheAuthoritiesAuthorizer(cls, requiresAuthority);
        } else {
            if (requiresAnyOfTheAuthorities == null) {
                throw new IllegalStateException("Annotation check reached an invalid state");
            }
            requiresAnyOfTheAuthoritiesAuthorizer = getRequiresAnyOfTheAuthoritiesAuthorizer(cls, requiresAnyOfTheAuthorities);
        }
        return requiresAnyOfTheAuthoritiesAuthorizer;
    }

    private Authorizer getRequiresAnyOfTheAuthoritiesAuthorizer(Class<? extends Command<?>> cls, Access.RequiresAuthority requiresAuthority) {
        String value = requiresAuthority.value();
        if (value.trim().length() == 0) {
            throw new IllegalStateException("@RequiresAuthority value is empty on: " + cls.getName());
        }
        return getRequiresAnyOfTheAuthoritiesAuthorizer(cls, value);
    }

    private Authorizer getRequiresAnyOfTheAuthoritiesAuthorizer(Class<? extends Command<?>> cls, Access.RequiresAnyOfTheAuthorities requiresAnyOfTheAuthorities) {
        String[] value = requiresAnyOfTheAuthorities.value();
        if (value.length == 0) {
            throw new IllegalStateException("@RequiresAnyOfTheAuthorities annotation does not declare any authorities on: " + cls.getName());
        }
        return getRequiresAnyOfTheAuthoritiesAuthorizer(cls, value);
    }

    private Authorizer getRequiresAnyOfTheAuthoritiesAuthorizer(Class<? extends Command<?>> cls, String... strArr) {
        try {
            return (Authorizer) this.authorizerCache.get(ImmutableSet.copyOf(strArr));
        } catch (ExecutionException | UncheckedExecutionException e) {
            throw new IllegalStateException("Failed to fetch command access metadata for " + cls.getName(), e);
        }
    }

    private void checkAnnotations(Class<? extends Command<?>> cls, Access.IsPublic isPublic, Access.RequiresAuthentication requiresAuthentication, Access.RequiresAuthority requiresAuthority, Access.RequiresAnyOfTheAuthorities requiresAnyOfTheAuthorities) {
        if (isPublic == null && requiresAuthentication == null && requiresAuthority == null && requiresAnyOfTheAuthorities == null) {
            throw new IllegalStateException("When security is used, a class must be either annotated with @IsPublic, @RequiresAuthentication, @RequiresAuthority or @RequiresAnyOfTheAuthorities");
        }
        if (isPublic != null && requiresAuthentication != null) {
            throw new IllegalStateException("Both @IsPublic and @RequiresAuthentication are present on " + cls);
        }
        if (isPublic != null && requiresAuthority != null) {
            throw new IllegalStateException("Both @IsPublic and @RequiresAuthority are present on " + cls);
        }
        if (isPublic != null && requiresAnyOfTheAuthorities != null) {
            throw new IllegalStateException("Both @IsPublic and @RequiresAnyOfTheAuthorities are present on " + cls);
        }
        if (requiresAuthority != null && requiresAnyOfTheAuthorities != null) {
            throw new IllegalStateException("Both @RequiresAuthority and @RequiresAnyOfTheAuthorities are present on " + cls);
        }
    }

    private <A extends Annotation> A getAnnotationFromClassHierarchy(Class<?> cls, Class<A> cls2) {
        A a;
        do {
            a = (A) cls.getAnnotation(cls2);
            if (a == null) {
                cls = cls.getSuperclass();
                if (cls == null) {
                    break;
                }
            } else {
                break;
            }
        } while (cls != Object.class);
        return a;
    }
}
